Establishing a Connection between AWS Lambda and Amazon Aurora Serverless Cluster

Connect AWS Lambda to Amazon Aurora Serverless Cluster

Question

A solution architect is developing a serverless application consisting of AWS Lambda functions and Amazon Aurora Serverless cluster.

What solution would enable the solution architect to establish a connection to the Aurora Serverless cluster from the Lambda function?

Answers

Explanations


Answer: D.

Option A is incorrect because the Aurora Serverless DB cluster can't have a public IP address. An Aurora Serverless DB cluster can only be accessed from within a VPC.

Option B is incorrect because AWS Lambda execution roles are used for granting permission to access other AWS services and resources. They are not used for network connectivity.

Option C is incorrect because VPC peering is used for creating a network connection between two VPCs. It cannot be used to create a connection from Lambda to a VPC.

Option D is CORRECT because the Aurora Serverless DB cluster can't have a public IP address. An Aurora Serverless DB cluster can only be accessed from within a VPC. Therefore, we need to connect the AWS Lambda function to the private VPC using an elastic network interface.

Reference:

https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html

When a solution architect develops a serverless application using AWS Lambda functions and Amazon Aurora Serverless cluster, the application needs to connect to the Aurora Serverless cluster from the Lambda function. To establish a connection to the Aurora Serverless cluster, there are different solutions available.

A. Connect to the Aurora Serverless public writer-endpoint: This solution involves connecting to the public writer-endpoint of the Aurora Serverless cluster. However, this is not recommended for production environments, as it can introduce security risks.

B. Create an AWS Lambda Execution Role: This solution involves creating an AWS Lambda execution role that allows the Lambda function to access the Aurora Serverless cluster. The role can be configured with the required permissions and policies to allow the Lambda function to connect to the Aurora Serverless cluster.

C. Configure VPC peering: This solution involves configuring VPC peering between the VPC containing the Lambda function and the VPC containing the Aurora Serverless cluster. This allows the Lambda function to access the Aurora Serverless cluster securely.

D. Connect the AWS Lambda function to the private VPC via an elastic network interface: This solution involves connecting the Lambda function to the private VPC via an elastic network interface (ENI). An ENI is a virtual network interface that can be attached to an EC2 instance or a Lambda function. By attaching an ENI to the Lambda function, the function can access resources in the VPC, including the Aurora Serverless cluster.

Out of these solutions, option D is the best solution, as it provides the highest level of security and control over the connection between the Lambda function and the Aurora Serverless cluster. It enables the Lambda function to access the Aurora Serverless cluster securely within a private VPC. However, this solution may involve additional complexity and cost, as it requires the creation and management of ENIs.

Option B is also a valid solution, as it enables the Lambda function to access the Aurora Serverless cluster securely via a role with the required permissions. However, this solution may not provide as much control over the connection between the Lambda function and the Aurora Serverless cluster as option D.

Option A is not recommended for production environments, as it can introduce security risks. Option C is also a valid solution, but it involves configuring VPC peering, which may involve additional complexity and cost.
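Option D expressed as a CloudFormation template, as an added example that is not part of the original page: the function is attached to the cluster's VPC through `VpcConfig`, and the database security group admits traffic only from the function's security group. All logical names and parameters are assumptions, as is the MySQL-compatible port 3306.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:                      # every parameter name here is an assumption
  VpcId:
    Type: AWS::EC2::VPC::Id
  PrivateSubnetIds:              # private subnets in the Aurora Serverless cluster's VPC
    Type: List<AWS::EC2::Subnet::Id>
  CodeBucket:
    Type: String
  CodeKey:
    Type: String
Resources:
  LambdaSecurityGroup:           # carried by the function's elastic network interfaces
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Lambda function network interfaces
      VpcId: !Ref VpcId
  DbSecurityGroup:               # attach this group to the Aurora Serverless cluster
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Aurora access from the Lambda security group only
      VpcId: !Ref VpcId
      SecurityGroupIngress:      # no CIDR ranges: the only source is the Lambda group
        - IpProtocol: tcp
          FromPort: 3306         # assumed MySQL-compatible; 5432 for PostgreSQL
          ToPort: 3306
          SourceSecurityGroupId: !GetAtt LambdaSecurityGroup.GroupId
  LambdaRole:                    # permission to manage ENIs, not a network path
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: lambda.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
  AppFunction:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: python3.12
      Handler: app.handler
      Role: !GetAtt LambdaRole.Arn
      Code:
        S3Bucket: !Ref CodeBucket
        S3Key: !Ref CodeKey
      VpcConfig:                 # option D: ENIs are created in these subnets
        SubnetIds: !Ref PrivateSubnetIds
        SecurityGroupIds:
          - !GetAtt LambdaSecurityGroup.GroupId
```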